This HowTo is a quick and easy guide to setting up an Ubuntu 12.04 Samba4 AD DC and joining it to an existing AD domain. Running the additional DC on Linux rather than Windows is a cheap option since you don't have to worry about a Windows Server license.

This guide is based on Ubuntu 12.04 LTS 64-bit. I have also got it to work on Ubuntu 10.04 LTS 32-bit. For the purposes of this tutorial the AD domain will be yourdomain.tld, the domain admin account will be Administrator and the server name will be dc02.yourdomain.tld.

Ensure your /etc/network/interfaces points to your Windows AD DNS server and Windows domain like below, where 192.168.0.100 is your Windows AD DC/DNS server and yourdomain.tld is the actual name of your AD domain:

Joined domain SAMBA (SID S-1-5-21-3565189888-2228146013-2029845409) as a DC

You are now joined to the AD domain.

Next, run the following commands where 192.168.0.100 is the IP of your Windows AD DC/DNS server, yourdomain.tld is the actual name of your AD domain, DC02 is the host name of your newly joined Samba server and 192.168.0.101 is the IP of your newly joined Samba server:

So, the objectGUID for this server is 737506d0-bfe6-40c8-815d-08c3dff7a67f but of course yours will be different.

Next, add the objectGUID to your domain where 192.168.0.100 is the IP of your Windows AD DC/DNS server, yourdomain.tld is the name of your domain, 737506d0-bfe6-40c8-815d-08c3dff7a67f is the actual objectGUID you got from the previous step, DC02.yourdomain.tld is the hostname of your Samba server and Administrator is the username of your domain admin account. Enter the domain admin password when prompted:

Next, query the domain and ensure the objectGUID is resolvable where 737506d0-bfe6-40c8-815d-08c3dff7a67f is the actual objectGUID of your Samba server and yourdomain.tld is the name of your AD domain. Ensure you include the (.) at the end of the command:
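The check described above, as an added example that is not part of the original guide: a POSIX shell helper that builds the objectGUID name with its trailing dot, queries a chosen DNS server with host, and confirms the alias points at the expected DC. The function names are hypothetical, and it assumes a single-domain forest where the DC's objectGUID is published as a CNAME under _msdcs.yourdomain.tld.

```shell
#!/bin/sh
# Added example (not from the original guide); function names are hypothetical.
# Assumption: single-domain forest, objectGUID published as a CNAME in _msdcs.<domain>.

# Build the absolute name replication partners look up: <objectGUID>._msdcs.<domain>.
# The trailing dot stops the resolver from appending its search domains.
guid_fqdn() {
    guid=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    domain=${2%.}
    # Reject anything that is not a canonical 8-4-4-4-12 hex GUID.
    printf '%s\n' "$guid" |
        grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' || return 1
    [ -n "$domain" ] || return 1
    printf '%s._msdcs.%s.\n' "$guid" "$domain"
}

# Read `host -t CNAME` output on stdin ("X is an alias for Y.") and print Y.
# Prints nothing for NXDOMAIN or any other non-alias answer.
cname_target() {
    sed -n 's/^.* is an alias for \(.*\)\.$/\1/p' | tr 'A-Z' 'a-z' | head -n 1
}

# Arguments: objectGUID, AD domain, expected DC FQDN, DNS server IP.
verify_guid_cname() {
    fqdn=$(guid_fqdn "$1" "$2") || { echo "invalid objectGUID or domain" >&2; return 2; }
    want=$(printf '%s' "${3%.}" | tr 'A-Z' 'a-z')
    got=$(host -t CNAME "$fqdn" "$4" 2>/dev/null | cname_target)
    if [ "$got" = "$want" ]; then
        echo "OK: $fqdn -> $got"
    else
        echo "FAIL: $fqdn resolved to '${got:-nothing}', expected $want" >&2
        return 1
    fi
}

# Usage with this tutorial's values:
# verify_guid_cname 737506d0-bfe6-40c8-815d-08c3dff7a67f yourdomain.tld \
#     dc02.yourdomain.tld 192.168.0.100
```

Running it against both the Windows DC and the Samba DC shows whether each DNS server returns the same alias.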

Next, test directory replication by adding a domain account on your Samba server and checking that it shows up on your Windows AD DC, as follows, where someusername is the username of the new user and somepassword is the password of the new user:

Next, go into your Windows AD DC Users and Computers and verify the username you just added is there.

Set Samba to start automatically on system boot

The command to start Samba is simply:

/usr/local/samba/bin/samba

The command to stop Samba is simply:

killall samba

Unfortunately, having to start Samba manually every time you reboot the server is not ideal, so we are going to create a script to do it for us automatically. The script goes under /etc/init/ and is named samba4.conf, like below:

Reboot your server and add another account to your domain from your Samba server as described above in order to ensure that Samba started automatically.

Important Facts

It is possible to point your Windows clients' DNS settings to your new Samba DC, but you would be able to resolve hostnames within your domain only. Since the DNS on your Samba server is not authoritative, you will not be able to resolve hostnames outside your domain. In order to do that, you must add the following to /usr/local/samba/etc/smb.conf under the [global] section, save the file and restart Samba: